CHAPTER 19Auditing Cybersecurity: Guides for Auditors and the Audited

“Auditing is the vigilant sentinel that safeguards the fortress of cybersecurity, revealing vulnerabilities, fortifying defenses, and preserving the integrity of digital realms.”

Cybersecurity auditing is pivotal for establishing secure information technology practices in the digital age. It encompasses a range of important topics that are critical for both auditors and those being audited. This includes understanding the shifting role of auditors in the contemporary digital environment, grasping essential cybersecurity concepts, and delving into the specifics of audit charters and engagements. In addition, risk‐based auditing represents a significant aspect of this landscape, highlighting the need to focus on areas with the highest potential risk in cybersecurity.


The modern digital age has brought many changes in how businesses operate. With a vast digital landscape to oversee, the importance of cybersecurity audits and the role of auditors in ensuring cyber resilience have dramatically evolved. The key to understanding the direction of this evolution and how organizations can utilize it for their betterment lies in grasping the scope and objectives of cybersecurity audits in the current era.

Digital transformation has become the norm, with businesses depending heavily on digital infrastructures, regardless of size or sector. As these systems grow in complexity, ...

Get The Cybersecurity Guide to Governance, Risk, and Compliance now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.